Schnitzer, Steven 


Cc: 

Subject: 
Attach men ts: 


From: 

Sent: 

To: 


Radke, Bruce A. <bradke@vedderprice.com> 

Friday, May 04, 2018 12:48 PM 
Breach Security; RISK@NVSICNY.GOV; 
SECURITV_BREACH_NOTIFICATION@DOSJNY.GOV 
aianniello@ialawny.com 

Notification of Potential Data Security Incident-Ianniello Anderson, P.C. 
lanniello Anderson, P.C. New York AG Notifieation.pdf 


□ 


Dear Madam/Sir, 

We represent lanniello Anderson, P.C. ("lanniello Anderson"). Pursuant to the attached letter and the New York State 
Security Breach Reporting Form, lanniello Anderson is reporting a potential unauthorized access of unencrypted 
computerized data containing personal information of four (4) New York residents pursuant to N.Y. GEN, BUS. LAW § 
899-aa. 

Please contact me if you have any questions or if I can provide you with any further information concerning this matter. 
Thank you and have a good weekend. 

Bruce A. Radke 

Bruce A. Radke,UEHJCDDd or 
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VedderPrice 


Chicago 

New York 

Washington, DC 

London 

San Francisco 

Los Angeles 

Singapore 


May 4, 2018 


VIA E-MAIL (BREACH.SECURITY@AG.NY.GOV) 


Bruce A. Radke 
Shareholder 
+ 1 312 609 7689 
bradke@vedderprice.com 


AND FEDERAL EXPRESS 


New York State Attorney General’s Office 
SECURITY BREACH NOTIFICATION 
Consumer Frauds & Protective Bureau 
120 Broadway, 3rd Floor 
New York, NY 10271 


VIA E-MAIL (RISK@NYSIC.NY.GOV) AND FEDERAL EXPRESS 

New York State Division of State Police 
SECURITY BREACH NOTIFICATION 
New York State Intelligence Center 
31 Tech Valley Drive, Second Floor 
East Greenbush, NY 12061 

VIA E-MAIL (SECURITY BREACH NOTIFICATION@DOS.NY.GOV) AND 
FEDERAL EXPRESS 


New York State Department of State Division of Consumer Protection 
Attn: Director of the Division of Consumer Protection 
SECURITY BREACH NOTIFICATION 
99 W. Washington Ave,, Suite 650 
Albany, NY 12231 

Re: Notification ofPatential Data Security Incident 

Dear Madam/Sir: 

We represent lanniello Anderson, P.C. (“lanniello Anderson”) in connection with a recent incident that 
may have impacted the personal information of four (4) New York residents, lanniello Anderson is 
reporting a potential unauthorized access of unencrypted computerized data containing personal 
information of those four (4) New York residents pursuant to N.Y. Gen. Bus. Law § 899-aa. 

The investigation of this incident is ongoing, and this notice will be supplemented, if necessary, with any 
new significant facts discovered subsequent to its submission, lanniello Anderson is advising you of 
this incident and submitting the attached New York State Security Breach Reporting Form pursuant to 
N.Y. Gen. Bus, Law § 899-aa based on the information available to date. By providing this notice, 
lanniello Anderson does not waive any potential rights or defenses regarding the applicability of 
New York law or personal jurisdiction in connection with this incident. 


222 North LaSalle Street ] Chicago* Illinois 60601 | T +1 312 609 75 QQ l~ -t 1 312 609 50 05 _ 

V&j'der Price P,C. is affiliated with Vedder Price LLP* which opiates in England and Wales* Vedder Price (CA), LLP* which operates in California* and Vedder Price Pie. Ltd,, which operates in Singapore. 
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Background of the Incident 

lanniello Anderson (www.capitalregionlawyers com) is a law firm with offices in Albany, Clifton Park, 
Saratoga Springs and Glen Falls, New York, lanniello Anderson’s sixteen (16) attorneys provide legal 
services in connection with real estate, family law, criminal defense, civil litigation and personal injury, 
labor and employment, business transactions and estate planning. 

On February 28, 2018, lanniello Anderson became aware that an unauthorized third party may have 
obtained access to an employee’s e-mail account from February 21, 2018 to February 28, 2018. 
During the relevant period, the unauthorized third party is believed to have viewed or accessed a 
limited number of e-mail messages and attachments contained in the employee’s e-mail account which 
contained a small number of individuals’ names, addresses, dates of birth, Social Security numbers and 
in certain instances, driver’s license numbers, lanniello Anderson's other computer systems were not 
penetrated or accessible by the intruder as a result of this incident. 

Upon learning of the incident, the firm promptly launched an internal investigation, immediately took 
steps to secure its systems and prevent any further intrusion and notified the United States Federal 
Bureau of Investigation, lanniello Anderson also retained a leading incident response and digital 
forensics firm to assist in its investigation. Additionally, the firm has already taken measures to help 
prevent this type of incident from occurring in the future, including password policy changes and 
additional, enhanced employee password training. 

Notice to the New York Residents 

On May 3, 2018, lanniello Anderson notified the four ( 4 ) affected New York residents of the incident. 
Attached is the sample notification letter template that was sent to the affected New York residents via 
first-class United States mail. Additionally, lanniello Anderson has arranged to offer one (1) year of 
complimentary credit monitoring and identity theft protection services through Experian to the affected 
New York residents. 


Contact information 


Please contact me if you have any questions or if I can provide you with any further information 
concerning this matter. Thank you. 



Bruce A. Radke 


BAR/bah 

Enclosures 

cc: Anthony R. lanniello, lanniello Anderson, P.C. (via e-mail) 
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NEW YORK STATE SECURITY BREACH REPORTING FORM 

Pursuant to the Information Security Breach and Notification Act 
(General Business Law §899-aa) 


Name and address of Entitv that owns or licenses the computerized data that was subject to the breach: 

lanniello Anderson, P.C. 

Street Address: 805 Route 146, Northway 9 Plaza 

City: Clifton Park State: NY Zip Code: 12065 


Submitted bv: BruceA.Radke Title: Attorney Dated: May 4,2018 

Firm Name (if other than entity): Vedder Price P.C. 

Telephone: (312) 609-7689 Email: bradke@vedderprice.com 

Relationship to Entity whose information was compromised: Attorney for lanniello Anderson, P.C. 



Type of Organization (please select one): f 1 Governmental Entity in New York State; [ ] Other Governmental Entity; 

| ] Educational; [ ]Health Care; [ (Financial Services; [X (Other Commercial; or [ ]Not-for-profit 


Number of Persons Affected; 

Total (Including NYS residents): 6 NYS Residents: 4 

If the number of NYS residents exceeds 5,000, have the consumer reporting agencies been notified? [ j Yes [ | No 


Dates: Breach Occurred; February 21, 2018 to February 28, 2018 Breach Discovered: February 28, 2018 

Consumer Notification; May 3, 2018 


Description of Breach (please select all that apply); 

! [ jl.oss or theft of device or media (e.g., computer, laptop, external hard drive, thumb drive, CD, tape); 
l (Internal system breach; [ (Insider wrongdoing; [ X ) External system breach (e.g., hacking); 

[ (Inadvertent disclosure; | (Other specify: 


Tnformation Acquired: Name or other personal identifier in combination with (please select ah that apply): 

[ X ISodal Security Number 

[ X |Driver's license number or non-driver identification card number 
] )Financial account number 


Manner of Notification to Affected Persons - ATTACH A COPY OF THE TEMPLATE OF T11F NOTICE EO 

AFFECTED NYS RESIDENTS: 

1 X | Written | ] Electronic | ( Telephone [ ] Substitute notice 

List dates of any previous (within 12 months) breach notifications: None_.-_----- 

_ - - - 

Identifv Theft Protection Service Offered: 1 X |Yes i 1 No 

Duration: One Year Provider: Experian 

Brief Description of Service; One (1) year of complimentary Experian IdentityWorks Credit 3B credit monitoring and 
identity theft protection services 
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ANTHONY tv tANNIHLLO 
K1C1 IARD E ANDERSON, JR, 
MEGAN M. BOND 
MA ITHEW 1. MAZUR 
JENNIFER L. TAYLOR 
REBECCA A. BORDEN* 
KELLY M. CURRO** 
MAITHEW T CHAUVIN 
MEGAN A, BOGGS 
MIC! IAEL W, SCHAFER*** 
EDWARD R. Him**** 
JACQUELINE N. GORALCZYK 
SARAH J. BURGER** 
MARC R. PALLOZZ1 


OF COUNSEL: 

Tl tOMAS W. SPINRAD 
KEITH M. FERRARA 

* Also Admitted in MA, MD & PA 
'"Also Admitted in MA 
“**Abo admitted in FT 
**** Also admitted in SC 


A Ianniello 

Anderson, p.c. 

Attorneys and Counselors at Law 

805 ROUTE 146 
NORTHWAY NINE PLAZA 
CLIFTON PARK, NEW YORK 12065 
(518) 37F&888 
FAX: (518) 371-1755 + 

Websites: www.ialawnvxonV 
www.capitalrcgiQnlawvers.com f 


1: lO \ I YR SERVICE OF PAPERS 


8 AIRLINE DRIVE, SUITE 101+ 
ALBANY, NEW YORK 12205 
(518) 371-8888 
FAX: (518) 862-0509+ 

358 BROADWAY, SUITE 206+ 
SARATOGA SPRINGS, NEW YORK 12866 
(518) 371-8888 
FAX: (518) 583-7657+ 

333 GLEN STREET, SUITE 2G0+ 
GLENS PALIS, NEW YORK 12801 
(518) 371-8888 
FAX: (518)792-4366+ 

9990 COCONUT ROAD 
SUITE 345 

BONITA SPRINGS, FLORIDA 34135+ 
(518)371-8888 

ALL SE R VICE OF PA PERS: 

805 ROUTE 146 
NORTHWAY NINE PLAZA 
CLIFTON PARK, NEW YORK 12065 


May 3,2018 
Dear 


Ianniello Anderson, P.C. (“Ianniello Anderson”) values and respects your privacy, which is why 
we are writing to advise you about a recent incident that may affect your personal information. 
Although we have no reason to believe that your personal information has been misused for the 
purpose of committing fraud or identity theft, we are writing to advise you about the steps that 
we have taken to address the incident and provide you with guidance on what you can do to 
protect yourself. 

On February 28, 2018, we became aware that an unauthorized third party may have obtained 
access to an Ianniello Anderson employee’s e-mail account from february 21, 2018 to Icbruary 
28, 2018. During the relevant period, e-mails in the employee’s account contained certain ol 
your personal information including your name, address, date oi birth and Social Security 
number. Please note that at no time were Ianniello Anderson’s other computer systems 
penetrated or accessible by the intruder as a result of this incident. 

Upon learning of the incident, we promptly launched an internal investigation and retained a 
leading incident response and digital forensics firm to assist in our investigation. Additionally, 
we have already taken measures to help prevent this type of incident from occurring in the 
future, including password policy changes and additional, enhanced employee password training. 


Out of an abundance of caution, we are offering a complimentary one-year membership in 
Experian idcntityWorks SM Credit 3B. This product helps detect possible misuse of your personal 
information and provides you with identity protection services focused on immediate 
identification and resolution of identity theft. Identity Works Credit 3B is completely tree to you 
and enrolling in this program will not hurt your credit score. For more information on identity 
theft prevention and IdentityWorks Credit 3B, including instructions on how to activate your 


We are debt collectors attempting to collect a debt and any information obtained will be used for that purpose. 









complimentary one-year membership, please see the additional information provided in this 
letter. 

We value the trust you have placed in us to protect the privacy and security of your personal 
information, and we apologize lor any inconvenience or concern that this incident might cause 
you. Please leel free to contact me with any questions or requests for additional information. 

Sincerely. 


Anthony R. Ianniello 
Partner 

Ianniello Anderson. P.C. 


Activating Your Complimentary Credit Monitoring 

To help protect your identity, we arc offering a complimentary one-year membership in Bxperian IdentityWork$ SM 
Credit 3 IT This product helps detect possible misuse of your personal information and provides you with superior 
identity protection support focused on immediate identification and resolution of identity theft. 

Activate IdentityWorks Credit 3B Now in Three Easy Steps 
ENROLL by: July 19,2018 (Your code will not work after this date.) 

1. VISIT the Experian Identity Works website to enroll: https://www,experianidw r orks,com/3bcredit 

2. PROVIDE the Activation Code: «Activation Code» 

If you have questions about the product, need assistance with identity restoration or would like an alternative to 
enrolling in Experian Identity Works Credit 3 B online, please contact Experian 1 s customer care team at 1-877-288- 
8057. Be prepared to provide engagement number «En gage merit Number» as proof of eligibility for the 
identity restoration services provided by Experian. 

ADDITIONAL DETAILS REGARDING YOUR 12-MONTH EXPERIAN IDENTITYWORKS CREDIT 313 
MEMBERSHIP: 

A credit card is not required for enrollment in Experian Identity Works Credit 3B. 

You can contact Experian immediately without needing to enroll in the product regarding any fraud issues. 
Identity restoration specialists are available to help you address credit and non-credit related fraud. 

Once you enroll in Experian Identity Works Credit 3R* you will have access to the following additional features: 

■ Experian Credit Report at Sign-up: See what information is associated with your credit file. Daily credit 
reports are available tor online members only,* 

* Credit Monitoring: Actively monitors Experian, Equifax and TransUnion files for indicators of fraud. 

■ Experian IdentityWorks ExtendCARE™: You receive the same high level of identity restoration 
support even after your Experian IdentityWorks Credit 3B membership has expired. 

■ SI Million Identity Theft Insurance**: Provides coverage for certain costs and unauthorized electronic 
fund transfers. 

Activate your membership today at https://www,experiamdworks.com/3bcredit, or call 1-877-288-8057 to 
register with the Activation Code listed above. 

What you can do to protect your information: There are additional actions you can consider taking to reduce the 
chances of identity theft or fraud on your account(s). Please refer to www.ExperianIDWorksxom/restoration for 
this information, if you have any questions about IdentityWorks, need help understanding something on your credit 
report or suspect that an item on your credit report may be fraudulent, please contact Experian 1 s customer care team 
at 1-877-288-8057. 

* Online members will be eligible to cull for additional reports quarterly after enrolling. 

** Identity theft insurance is underwritten by insurance company subsidiaries or affiliates of American International Group, Inc, 
(AJG). The description herein is a summary and is intended for informational purposes only, and it does not include all terms, 
conditions and exclusions of the policies described. Please refer to the actual policies for terms, conditions and exclusions oi 
coverage. Coverage may not be available in ah jurisdictions. 


Additional Important Information 

As a precautionary measure, we recommend that you remain vigilant to protect against potential fraud and/or identity theft 
by, among other things, reviewing your credit card account statements and credit reports closely. If you detect any 
suspicious activity on an account, you should promptly notify the financial institution or company with w'hieh the account is 
maintained. You should also promptly report any fraudulent activity or any suspected incidents of identity theft to the 
proper law enforcement authorities, including the police and your state’s attorney general, as well as the Federal Trade 
Commission (“FTC”). 

You may wish to review the tips provided by the FTC on fraud alerts, security/credit freezes and steps you can take to avoid 
identity theft. For more information and to contact the FTC, please visit www.ftc.gov/idtheft or call 1-877-ID-THEFT 
(1 -877-438-4338). You may also contact the FTC at Federal Trade Commission, 600 Pennsylvania Avenue, NW, 
Washington, DC 20580. 

Credit Reports : You may obtain a free copy of your credit report once every' 12 months from each of the three national 
credit reporting agencies by visiting www.annualcreditreport.coin, by calling toll-free 1-877-322-8228 or by completing an 
Annual Credit Report Request Form and mailing it to Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA 
30348. You can print a copy of the request form at www.annualereditreport . com/cra/requestfonnfinal.pdf . 

Alternatively, you may elect to purchase a copy of your credit report by contacting one of the three national credit reporting 
agencies. Contact information for the three national credit reporting agencies for the purpose of requesting a copy of your 
credit report or for general inquiries, including obtaining information about fraud alerts and placing a security freeze on your 
credit files, is as follows: 


Equifax 

I -800-349-9960 
wwvv.e qui fax.com 

P.O. Box 105788 
Atlanta, GA 30348 


Experian 
1-888-397-3742 
w'ww.experian.com 

P.O. Box 9554 
Allen, TX 75013 


TransUnion 

1-888-909-8872 

www.transunion.com 

P.O. Box 2000 
Chester, PA 19022 


Fraud Alerts : You may want to consider placing a fraud alert on your credit report. An initial fraud alert is free and will 
stay on your credit file for at least ninety (90) days. The alert informs creditors of possible fraudulent activity within your 
report and requests that the creditor contact you prior to establishing any new accounts in your name. To place a fraud alert 
on your credit report, contact any of the three national credit reporting agencies using the contact information listed above. 
Additional information is available at www.annualcrcditreport.co m. 


Credit and Security Freezes : You may have the right to place a credit freeze, also known as a security freeze, on your 
credit file, so that no new- credit can be opened in your name without the use of a PIN number that is issued to you when you 
initiate the freeze. A credit freeze is designed to prevent potential credit grantors from accessing your credit report without 
your consent. If you place a credit freeze, potential creditors and other third parties will not be able to gain access to your 
credit report unless you temporarily lift the freeze. Therefore, using a credit freeze may delay your ability to obtain credit. 
In addition, you may incur fees to place, lift and/or remove a credit freeze. Credit freeze laws vary from state to stale. The 
cost of placing, temporarily lifting and removing a credit freeze also varies by state, generally $5 to $20 per action at each 
credit reporting company. Unlike a fraud alert, you must separately place a credit freeze on your credit file at each credit 
reporting company. Since the instructions for how to establish a credit freeze differ from state to state, please contact the 
three major credit reporting companies as specified below to find out more information: 

Equifax Security Freeze Experian Security Freeze TransUnion Security Freeze 

P.O. Box 105788 P.O. Box 9554 Fraud Victim Assistance Department 

Atlanta. GA 30348 Allen. TX 75013 P.O. Box 6790 

Fullerton, CA 92834 

You can obtain more information about fraud alerts and credit freezes by contacting the FTC or one of the national credit 
reporting agencies listed above. 










